Permissions-constrained dynamic faceting of search results in a content management system

ABSTRACT

User permissions for a search on content managed by a content management system (CMS) can be evaluated in a search engine based on a user identity of a user providing a query input for the query rather than after return of an initial results set to the CMS or some other front-end application. The search engine can constrain possible results returned from a search for the query input using a content index of a plurality of content items maintained in a repository of the content management system. The constraining can include limiting the search engine from adding a content item of the plurality of content items to a permissions-filtered results set unless the evaluating of the user permissions and the search for the query input against the content index do not exclude the content item. Other aspects can support index updating by selective use of a metadata index.

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims priority to and the benefit of the earlierfiling date of U.S. patent application Ser. No. 15/442,561 filed Feb.24, 2017, the content of which is hereby incorporated by referenceherein in entirety.

TECHNICAL FIELD

The subject matter described herein relates to indexing and searching ofcontent items managed by a content management system.

BACKGROUND

Enterprise content management (ECM) covers a broad range ofapplications, including document management (DM), Web content management(WCM), records management (RM), digital asset management (DAM), searchof managed content, and the like. A system for managing such content canbe generally referred to as a content management system (CMS) and can beconfigured with features suitable for managing the various content items(also referred to herein in some examples as “files” or “documents”)that an enterprise produces or generates, retains or otherwise stores,manipulates or modifies, etc. A CMS can support the requirements of oneor more applications including DM, WCM, RM, DAM, search, etc., andoptionally other requirements, to provide a coherent solution in whichcontent processes, management processes, and the like are capable ofaccessing content across a variety of applications subject to accesscontrols, permissions, and the like. Content (in the form of contentitems) managed by a CMS can include one or more of documents, images,photos, Web pages, records, XML documents, other unstructured orsemi-structured files, etc. Content retained in a CMS can also includedirectory structures (also referred to as file structure hierarchies)such as folders, file trees, file plans, or the like, which can provideorganization for multiple content items in addition to storing orotherwise representing relationships between content item, etc. Anykinds of content items can generally have metadata associated therewith.The metadata can include date or time information (last opened, lastsaved, created, disposal date, etc.) file size, location (e.g. where aphotographic image was taken), information about creation or a currentstate or storage location of the content item (e.g. camera settings fora photo, IP addresses of computers that have previously been used toaccess the content item, network traffic histories, etc.), or any otherinformation that may be desirable to store.

An “enterprise” can generally refer to an organization, such as forexample a business or company, a foundation, a government, a university,a department or sub-organization of one of these entities, or the like,and can have content requirements related to one or more businessprocesses, content uses, etc. Also, for the purposes of this disclosure,the term “document” may be used interchangeably to refer to any kind ofcontent item that may be stored in or managed by a CMS. The terms“folder” or “directory” can refer to a logical organizing structure thatcan be used in a CMS to group or otherwise assist a user in browsing fordocuments stored in or otherwise managed by the CMS.

A CMS manages the actual digital binary content, the metadata thatdescribes a context of each document, associations between a documentand other content or documents, a place and classification of a contentitem in a repository, indexes for finding and accessing content items,and the like. The CMS can also manage processes and lifecycles ofcontent items to ensure that this information is correct. The CMS canalso manage one or more workflows for capturing, storing, anddistributing content, as well as the lifecycle for how long content willbe retained and what happens after that retention period.

A CMS can be configured to maintain the security of content itemsmanaged by the CMS. One aspect of ensuring security of content items ina CMS can involve limiting access to certain content items (or groups ofcontent items) to some subset of all of the users who can access theCMS. While in some examples content that is particularly sensitive maybe encrypted such that users who lack the proper encryption key or keyscannot open, view, modify, or otherwise access the content, in otherexamples access restrictions may be additionally or alternativelyhandled by the use of access permissions, which can be applied toindividual users or groups of users (e.g. according to designated roleswithin an enterprise) or processes that access data (e.g. businessprocesses. A user lacking the proper credentials for a given contentitem is generally prevented from opening (or performing any other fileactions on) that content item. In some examples, a user who lacks accesspermissions for a given content item may be prevented from being allowedto even “discover” a content item, which means that the content item iseffectively hidden from view—in searches or in browsing to a folder orother file structure containing such a content item, the user should noteven be given an indication that the content item exists.

SUMMARY

Aspects of the current subject matter can relate topermissions-constrained operations and/or to indexing of content in acontent management system. Various combinations of representativefeatures are described in this section. These aspects are not intendedto be limiting.

In one aspect, which can relate to enabling of dynamic faceting ofsearch results in a CMS with application of permissions constraintswithin a search engine, a method includes evaluating user permissionsbased on a user identity of a user providing a query input for a searchon content managed by the content management system. The evaluatingoccurs in a search engine associated with a content management system.The method further includes the search engine constraining possibleresults returned from a search for the query input using a content indexof a plurality of content items maintained in a repository of thecontent management system. The constraining is based on the evaluatingof the user permissions and includes limiting the search engine fromadding a content item of the plurality of content items to apermissions-filtered results set unless the evaluating of the userpermissions does not exclude the content item and the search for thequery input returns the content item. The permissions-filtered resultsset is returned by the search engine along with permissions-correctedsummary statistics representative of the permissions-filtered resultsset. The returning includes dynamically generating facets for groupingthe permissions-filtered results set according to one or more facetingcriteria. The dynamically generating includes use of thepermissions-corrected summary statistics to calculate faceting relevantto the permissions-filtered results set.

In some variations of this aspect, one or more of the following featurescan optionally be included in any feasible combination. The evaluatingof the user permissions based on the user identity of the user caninclude a search on a user permissions index for permissions granted tothe user based on the user identity. The user permissions index caninclude an access control list index maintained by the search engine.The evaluating of the user permissions based on the user identity of theuser can include searching an access control list index for accesscontrol lists designating the user identity as being allowed asufficient level of access to content items assigned to those accesscontrol lists. The query input can include a partial query input thatcan include a string of characters entered by the user into a searchterm input user interface element in a user interface presented to theuser. The returning the permissions-filtered results set can includepresentation, in the user interface, of suggested content items based onthe partial query input. A method can further include using thepermissions-filtered results set to identify a projected query inputbased on the partial query input.

In another aspect, which can relate to enabling delivery of searchresults based on a partial query input for a search on a CMS withapplication of permissions constraints within a search engine, a methodincludes a search engine associated with a content management systemevaluating user permissions based on a user identity of a user providinga partial query input for a search on content managed by the contentmanagement system. The partial query input includes a string ofcharacters entered by the user into a search term input user interfaceelement in a user interface presented to the user prior to an indicationfrom the user that query inputting is completed. The method furtherincludes the search engine constraining possible results returned from asearch for the partial query input based on the evaluating of the userpermissions and using a content index of a plurality of content itemsmaintained in a repository of the content management system. Theconstraining includes limiting the search engine from adding a contentitem of the plurality of content items to a permissions-filtered resultsset unless the evaluating of the user permissions does not exclude thecontent item and the search for the partial query input returns thecontent item. The method further includes the search engine returningthe permissions-filtered results set with permissions-corrected summarystatistics representative of the permissions-filtered results set. Thereturning of the permissions-filtered results set includes presentation,in the user interface, of suggested content items based on thepermissions-filtered results set for the partial query input.

In some variations of this aspect, one or more of the following featurescan optionally be included in any feasible combination. A method canfurther include using the permissions-filtered results set to identify aprojected query input based on the partial query input for presentationto the user via the user interface. The evaluating of the userpermissions based on the user identity of the user can include a searchon a user permissions index for permissions granted to the user based onthe user identity. The user permissions index can include an accesscontrol list index maintained by the search engine. The evaluating ofthe user permissions based on the user identity of the user can includesearching an access control list index for access control listsdesignating the user identity as being allowed a sufficient level ofaccess to content items assigned to those access control lists. Thereturning can further include dynamically generating facets for groupingthe permissions-filtered results set according to one or more facetingcriteria. The dynamically generating can include use of thepermissions-corrected summary statistics to calculate faceting relevantto the permissions-filtered results set.

In yet another aspect, which can relate to efficient index updating in aCMS, a method includes indexing metadata for content items stored in arepository of a content management system. The indexing results in acurrent metadata index of the content management system. The methodfurther includes adding the current metadata index to a content index ofthe content management system which indexes content managed by thecontent management system, identifying a set of content items in therepository that have undergone a change to content based on the metadataindex, updating the content index for the set of content items withoutinitiating a full re-indexing of the content of the content managementsystem, and merging the current metadata index and the updated contentindex into a full content index for the content management system.

In some variations of this aspect, one or more of the following featurescan optionally be included in any feasible combination. The merging canoccur in response to a scheduled or triggering event. A method canfurther include generating a result set identifying matching contentitems in the content management system that match a query input,accessing text of a matching content item from the result set usingmetadata of the matching content items, returning textual context for aterm of the query input from the content item, and displaying thetextual context with the term highlighted via a user interface. A methodcan alternatively or additionally further include updating a contentcache storing a full text copy of content items managed by the contentmanagement system concurrently with the content index. The accessing ofthe text of the matching content item can include performing a lookup inthe content cache based on the metadata. The accessing of the text ofthe matching content item can include directly accessing the matchingcontent item in the repository of the content management system. Thegenerating of the result set can be performed by a search engineassociated with the content management system, and a method can furtherinclude evaluating user permissions in the search engine based on a useridentity of a user providing the query input, and constraining theresult set by the search engine based on the evaluating of the userpermissions. The constraining can include limiting the search enginefrom adding a content item of the plurality of content items to theresult set unless the evaluating of the user permissions does notexclude the content item.

Implementations of the current subject matter can include, but are notlimited to, methods consistent with the descriptions provided herein aswell as articles that comprise a tangibly embodied machine-readablemedium operable to cause one or more machines (e.g., computers, etc.) toresult in operations implementing one or more of the described features.Similarly, computer systems are also described that may include one ormore processors and one or more memories coupled to the one or moreprocessors. A memory, which can include a non-transitorycomputer-readable or machine-readable storage medium, may include,encode, store, or the like one or more programs that cause one or moreprocessors to perform one or more of the operations described herein.Computer implemented methods consistent with one or more implementationsof the current subject matter can be implemented by one or more dataprocessors residing in a single computing system or multiple computingsystems. Such multiple computing systems can be connected and canexchange data and/or commands or other instructions or the like via oneor more connections, including but not limited to a connection over anetwork (e.g. the Internet, a wireless wide area network, a local areanetwork, a wide area network, a wired network, or the like), via adirect connection between one or more of the multiple computing systems,etc.

The details of one or more variations of the subject matter describedherein are set forth in the accompanying drawings and the descriptionbelow. Other features and advantages of the subject matter describedherein will be apparent from the description and drawings, and from theclaims. While certain features of the currently disclosed subject matterare described for illustrative purposes in relation to a contentmanagement system, it should be readily understood that such featuresare not intended to be limiting. The claims that follow this disclosureare intended to define the scope of the protected subject matter.

DESCRIPTION OF DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of this specification, show certain aspects of the subject matterdisclosed herein and, together with the description, help explain someof the principles associated with the disclosed implementations. In thedrawings,

FIG. 1 shows a diagram illustrating features of a content managementsystem consistent with implementations of the current subject matter;

FIG. 2 and FIG. 3 show diagrams respectively illustrating application ofpermissions after generation of an initial results set according to aconventional approach and within the search engine such that apermissions-filtered results set is generated directly;

FIG. 4 shows a diagram illustrating features of an approach consistentwith implementations of the current subject matter for providingdynamically determined faceting on search results from a contentmanagement system with user permissions applied;

FIG. 5 shows a diagram illustrating features of an approach consistentwith implementations of the current subject matter for providingsuggested results sets and/or suggested query inputs for partial querystring searches on a content management system with user permissionsapplied;

FIG. 6 shows a process flow diagram illustrating aspects of a method forevaluating user permissions in a content management system having one ormore features consistent with implementations of the current subjectmatter; and

FIG. 7 shows a diagram illustrating features of an approach consistentwith implementations of the current subject matter for updating acontent cache in a search engine associated with a content managementsystem; and

FIG. 8 shows a process flow diagram illustrating aspects of a method forindexing content items in a content management system consistent withimplementations of the current subject matter.

When practical, similar reference numbers denote similar structures,features, or elements.

DETAILED DESCRIPTION

Modern content management systems commonly include functionality thatallows a user to perform searches for documents or folders stored withinor otherwise managed by the CMS. Such search functionality can include atext entry box into which a user can enter one or more search terms totrigger retrieval of documents or folders. The specifics of a userinterface for entry of search terms and display of retrieved documentsor folders (or links or other references to such retrieved content) arenot key to the disclosed subject matter. Any user interface suitable forsearch of content in a CMS and for conveying information about theretrieved content can be consistent with the implementations of thecurrent subject matter described herein provided such a user interfacesupports one or more of the described features and functionality.

As noted above, an important function of a CMS, particularly one usedfor storing and managing content related to an enterprise environment,can be proper handling of user permissions for accessing, viewing,reading, writing, modifying, etc. content stored in and/or managed bythe CMS. One approach for handling user permissions or other accesscontrols for documents in a CMS can include use of access control lists(ACLs). An ACL can be considered as an ordered list of access controlentries (ACEs), each of which associates a single authority to a singlepermission group or permission, and states whether the permission is tobe allowed or denied. Nodes (e.g. nodes on a directory hierarchy such asa folder, sub-folder, document, etc.) in a CMS can include an associatedACL. In general an ACL specifies if it should inherit ACEs from an ACLassociated with a parent node. An ACE generally includes an authority, apermission, and a deny/allow flag. While the examples described hereinmake general reference to ACLs, other approaches to handing of userpermissions relative to content items in a CMS are also within the scopeof the current subject matter.

FIG. 1 shows a diagram illustrating components of a CMS 100 illustratinghow various features discussed herein, such as for example ACLs, ACEs,content items, folders, and the like, may interact or operate consistentwith implementations of the current subject matter. A CMS installation100 manages a repository 110. The CMS 100 can be implemented as softwareor other code running on one or more computing systems each of whichincludes one or more programmable processors. The repository 110includes physical storage for the content items (e.g. optical, magnetic,solid state, or other storage devices), which can optionally be part ofone or more computing system implementing the CMS. Alternatively, therepository and the content stored therein can be managed by a CMSimplemented on one or more computing systems that are remote from one ormore computing systems that include the physical storage upon which thecontent items are stored.

The repository 110 stores content, including content items 115, whichcan also include associated metadata 117 as well as the content itself.The content items 115 can be organized according to a file structurehierarchy 120, which can optionally be a folder tree having one or morefolders 119 or other structures defining one or more levels of filestructure hierarchy as illustrated in FIG. 1 . Folders 119 or otherstructures defining levels of a hierarchy are also considered as contentitems (as noted above), and therefor also include associated metadata117. In the example illustrated in FIG. 1 , the file structure hierarchy120 includes four levels: a top level 122, and lower levels 124, 126,and 128. One or more of the levels 122, 124, 126, 128 of the hierarchycan have a reference to an associated ACLs (also referred to as an ACLreference 130). Alternatively, ACLs or other permissions can be handledvia relational database entries, for example with each ACL or otherdesignator of user permissions for access to content items, folders,etc. having database records associated with it for each content item,folder, etc. that is associated with that ACL or other permissiondesignator. One or more individual content items can also be associatedwith one or more ACLs (which henceforth in this disclosure aresummarized merely as ACLS). In general, an ACL associated with a foldercan propagate to any sub-folders within the folder as well as anycontent items in the folder or in the sub-folders. For example, the ACLassociated with a folder 119 can be also associated with content items117 or other folders 119 at a lower hierarchy level that are containedwithin in that folder. This association can be represented by an ACLlink 135, which can be explicit or implicit. These ACLs 130, oralternatively other definitions of access permissions (which are alsoconsistent with the current subject matter) include restrictions imposedon a level of access granted to a given user with regards to the userinteracting with a given content item (or items) managed by the CMS 100.

The level of access can include one or more of full access, read only,no access, discoverable only, or other possible options. Full accessgenerally imposes no restrictions on the ability of the user to performactions such as read, view, edit, delete, copy, download, etc. on thecontent item. Access controls can optionally restrict one or more ofthese permissions for a user relative to the content item. A fullrestriction would be no access—the user is not allowed to even see thatthe content item exists. For example, the content item may be hiddenfrom appearing in search results despite matching query criteria orsearch terms, etc. or may be invisible when a user navigates to a folderor other file structure including such a content item for which the userlacks the necessary access. “Discoverable only” can mean that thecontent item may appear as a result of a search or within a folder thata user navigates to, but the user would not be able to open, download,or perform any other actions on the content item. In some examples, adiscoverable only file can appear in the user interface as greyed out orotherwise non-selectable. Such a designation can refer to content itemsor file hierarchy structures that a user is able to find by searching onmetadata or the like, but whose content the user is not allowed toaccess. In an example, a user viewing a set of search results orbrowsing to a folder or other organizational structure that includes acontent item for which the user does not have the appropriaterestriction mark or marks but which has a “discoverable only” setting,the presence of the content item may not be hidden from the user, but noother actions can be taken by the user on the content item.

When a user initiates a search on the CMS, the results displayed to theuser (e.g. via a user interface view) desirably include only thosecontent items that a) match any search terms or other criteria providedby the user and b) are accessible to the user. Accessible to the usermeans that the user is at least capable of discovering a content item.If the user specifies, or if other settings of the CMS so indicates, theresults displayed may desirably be limited to only those content itemsfor which the user has a more permissive level of access than merelydiscoverable only. If the user's level of access to a content item is noaccess (or some other level of access that prevents the user from evendiscovering (or otherwise being made aware) of a content item, thatcontent item should desirably not appear in a results set generated inresponse to a search, query, or file structure navigation request by theuser that would otherwise have resulted in display of the content itemas a search or query result or as being contained within a folder orother file structure that the user has reached.

A typical database search engine generally accesses all results meetingthe query parameters and then performs a post-retrieval evaluation ofthe results before providing those results to the query originator. Oneexample of a search engine typically employed in enterprise contentmanagement systems is the Solr search platform available from the ApacheSoftware Foundation (Forest Hill, Md.). In conventional approaches, forexample as illustrated in FIG. 2 , a search engine 205 may evaluate thesearch terms and/or other criteria provided by a user (e.g. a queryinput 210) to determine an initial results set 215. The determining ofthe initial results set 215 generally includes a query against one ormore content indexes 218 of the CMS repository 110 to identify thosecontent items having indexed content and/or metadata that matches thequery input 210. The initial results set 215 can then be limited by theCMS 100 or other front end application by evaluating and applying userpermissions 220 relative to a user identity 225 to eliminate thosecontent items included in the initial results set but not accessible tothe user to thereby produce a permissions-filtered result set 230.Evaluation of user permissions can include evaluating whether to allowor deny access to a content item; whether a user has necessary ownershiprights of the content item (e.g. as may be implemented in a recordsmanagement environment, etc.), whether any security restrictions orclassifications, caveats, supplementary markings, etc. are applicablethat may prevent user access to the content item; or the like. Caveatscan generally refer to a designation applied to a content item or otherfile structure or to a user to indicate some type of security-based (orother) of restriction on possible user access to that content item orfile hierarchy structure on top of more traditional security orclearance markings. A non-limiting example of the use of caveats isdescribed in co-pending and co-owned U.S. patent application Ser. No.15/423,521, the disclosure of which is incorporated herein by reference.

In some implementations of the current subject matter, a search engine205 associated with a CMS 100 can include features relating to strategicevaluation of permissions of the query originator (e.g. a human userentering query terms into a search box or other user interface element,an application from within which a query is generated under directionfrom a logged-in user, or the like) making a query request within thesearch engine 205. This approach can enable generation ofpermissions-filtered result set 230 that is already limited to onlythose results that are actually available to the query originator (e.g.the user) directly within the search engine 205 rather than requiringany post processing by the CMS 100 or other front-end application.

In other words, consistent with implementations of the current subjectmatter and as shown in the example of FIG. 3 , upon receipt of the queryinput 210, the search engine 205 can perform evaluation of the userpermissions 220 as part of directly producing a permissions-filteredresult set 230 without the need for post-pressing of permissionsevaluation by the CMS 100 or some other front end application. Toaccomplish this outcome, which can provide significantly quicker andmore dynamic search results, a user permissions index 310 thatcorrelates or otherwise associates user permissions 220 with thosecontent items maintained in the CMS repository 110 or managed by the CMS100 to which the user permissions 220 are applicable can be employed.The user permissions index 310 can be included in the evaluation of thequery by the search engine 205 such that the search engine 205 evaluatesthe user permissions index 310 against the user identity 225 to filteron those content items that the user could feasibly be allowed to see ina permissions-filtered results set in addition to evaluating the queryinput 210 provided by the user. The evaluation of the user permissionsindex 310 against the user identity 225 can optionally involve searchingan ACL index for those ACLs designating the user identity as “accessallowed” at a sufficient level of access to permit the user to at leastdiscover, or optionally at least interact with (e.g. by opening,viewing, moving, editing, deleting, downloading, etc.) those contentitems assigned to such ACLs. The content index or indexes 218 used bythe search engine 205 for evaluating the query based on the query input210, such as for example a content index, a metadata index, etc., canthen be filtered (e.g. a search on the content index 218 can beconstrained) to only those entries relating to content items that appearon the ACLs identified in the search of the ACL index. It will beunderstood that other implementations of user permission indexes (e.gbesides an ACL index as described above) are also consistent withfeatures of the current subject matter.

In another example implementation of the current subject matter, thequery input 210 can be evaluated first by the search engine 205 beforesearching the user permissions index 310. Alternatively, the evaluationsof the query input 210 against the one or more content indexes 218 canoptionally occur effectively concurrently with the evaluation of theuser permissions index 310 against the user identity 220 and the resultsof the these two evaluations can be combined by operation of the searchengine 205 to directly produce the permissions filtered results set 230without a need for any post search engine processing of an initialresults set 215 by the CMS 100 or some other front end application.

The approach of evaluating user permissions directly within the searchengine 205 described herein can be employed to supply one or more ofseveral possible benefits or advantages, a few of which are described inmore detail below. Consistent with implementations of the currentsubject matter, several advantageous features can be realized as aresult of evaluating permissions of a query originator within the searchengine rather than filtering an initial results set based on thosepermissions as an intermediate step between query result retrieval anddisplay of those results to a query originator. Among possible benefitsor advantages of an evaluation of user permissions within a CMS searchengine 205 consistent with implementations of the current subjectmatter, such an approach can support dynamic faceting features, livesearch results provided during user entry of only part of the queryinput 210, or the like.

Faceting of query or search results generally refers to clustering ofitems or search results into categories that let users drill into searchresults (or even skip searching entirely) by any value in any field(e.g. an attribute, criterion, etc.). A displayed facet can show anumber of hits within the results set generated by the query that matchthe category within the facet. As an example, a results set can befaceted on file size, and the categories into which the data can bedivided based on the file size facet can be less than 50 kbytes, 50 kbto 200 kbytes, 200 kbytes to 1 MB, and greater than 1 MB. A user can“drill down” by applying specific constraints to the search results.This kind of faceting of query or search results can also be referred toas faceted browsing, faceted navigation, guided navigation, parametricsearch, etc.

The live or “dynamic” faceting features discussed herein can, in someimplementations of the current subject matter, be implemented asfollows. In existing approaches, faceting of search results can occur onpredetermined criteria. For example, an application for searching oncontent relating to a shopping website could be configured toautomatically facet returned data according to pre-determined groupingsof values on one or more variables. Such pre-determined groups couldinclude, for example, pre-defined price ranges (e.g. less than $10, $10to $25, $25-$100, and more than $100), pre-defined ranges of expecteddelivery dates (e.g. within the next day, the next 1-3 days, 4-10 days,more than 10 days, etc.) or other binning criteria that can bepre-configured based on the expected types of values to be returned.However, a CMS 100 that manages all content produced or maintained by amulti-modal enterprise may include a sufficiently varied scope of typesof content that the use of pre-defined faceting criteria may result inless useful or even non-sensical faceting of the data. Some existingapproaches may include user-configurable facets (e.g. by presenting viaa user interface one or more controls that enable a user to select whichcriteria to facet on and/or to choose how the bins used for the facetingon a given criterion or criteria are defined).

In the aspect of the current subject matter relating to dynamicfaceting, features of the results set, or more specifically, the contentitems in the results set, are used to determine which facets are likelyto be of interest. While predetermined facets can be presented as anoption or as a default, dynamic faceting based at least in part onactual content or metadata of the content items returned in a query canimprove a user experience.

Drilling down can be accomplished as follows. For each facet displayedto a user, for example in a search pane of a user interface, a list ofvalues which appear in the results set as well as the number of contentitems containing each value are presented. Selecting one of the valuescan cause a filtering of the search results to those documentscontaining the value. The facets pane can then be updated to the newsearch result. The facet fields and the number of content items for eachvalue can be updated to those appearing in the filtered result.

The ability to provide automatic, dynamic faceting of content itemsreturned in a permissions-filtered results set 225 can be a desirablefeature in a CMS 100 that handles a variety of content. Such a featuremay be readily enabled if there is no need to evaluate user permissionsfor the content items returned in a results set for a given query input210, in that the search engine 205 can provide summary statistics (e.g.ranges of one or more parameters characteristic of the generated resultsset and counts of retuned content items occurring within various rangesof such parameters) usable by the CMS 100 or other front end applicationto intelligently determine how to assign ranges for a set of bins intowhich the returned search results are to be faceted. However, when asearch on content items managed by a CMS 100 is subject to applicationof user permissions to determine which content items both match thequery input 210 and are compatible with user permissions 220 evaluatedagainst the user identity 225 of the user providing the query input 210,the summary statistics provided by the search engine 205 may result innon-useful faceting outcomes. For example, a query input might return aninitial results set 215 with summary statistics representative of thecontent items included in the initial results set 215. However, theapplication of user permissions 220 to the initial results set 215 maycause those summary statistics to no longer be reasonably representativeof the content items remaining in the resulting permissions-filteredresults set. Accordingly, any determination of dynamic faceting ranges(i.e. definitions of bins into which the results in thepermissions-filtered results set 225 are to be separated according toone or more criteria) may not occur in a manner that is logical oruseful to a user. In an example, suppose a query input returns a largenumber of larger documents or of a certain type of content items, butthose returned content items are disproportionately content items forwhich the user has restricted access. When the restricted access contentitems are removed from the initial results set 215 returned by thesearch engine in by the application of the user permission 220, thepermissions-filtered results set would have a skewed distribution ofcontent items having the faceted criteria relative to the summarystatistics returned by the search engine. This outcome can cause thepresented number of content items having the presented values to beincorrect, and can even cause values to be listed that do not appear inany content items available for access by the user to be included in thelist of values.

The above-described approach of evaluating user permissions using a userpermissions index 310 within the search engine 205 can address thisissue that may arise with previously available approaches. In thisaspect of the current subject matter, which can optionally be includedin combination with features of other aspects described herein, featuresrelating to dynamic generation of facets for results generated by aquery on access permission controlled content stored in a CMS can beincluded. As a general feature, a query input 210 is received from auser. As noted above, the query input 210 can be directly entered by auser into a user interface element such as a text box, pull-down menu,or the like. Alternatively or in addition, a query can be initiated byan application that accesses the content stored in a repository 110 thatis part of or otherwise maintained or managed by the CMS 100, eitherautomatically or in response to some user input.

As illustrated in FIG. 4 , permissions-corrected summary statistics 410produced by the search engine using the approach illustrated in FIG. 3to be representative of the permissions-filtered results set 225 areapplying through a faceting engine 420, which can be part of the CMS 100or some other front end application to calculate results-relevantfaceting 430 (i.e. using binning on one or more criteria that arerelevant to the permissions-filtered results set 225 with ranges thatdivide) the permissions-filtered results set 225 into usable groupingsdynamically determined facets to allow a user to effectively drill downinto the results. In other words, the presented list of values appearingin the permissions-filtered results set 225 is generated directly fromthe search engine via evaluation of user permissions (e.g. using asearch on the user against a user permissions index 310 as well as asearch on the query input 210 against the content index 218.

In another aspect of the current subject matter, the evaluation of userpermissions dynamically within a search engine 205 can also supportprovision of live search results during user entry of a query input 210.This feature represents an additional area in which post-search engineevaluation of user permissions as in currently available approaches canresult in less than optimal results. Many users are familiar with thebeneficial features of popular search engines that result in rapiddisplay of preliminary search options (e.g. text to finish a query inputor even a list of suggested results that is populated and successivelyupdated with potentially more accurate results as the user enters moreand more characters of a query input 210 into a search term input box.Such a feature generally relies upon the search engine performing alookup against its content index to identify potentially matching hits.However, in the cases described above in which the content index 218 isused for finding content items in a CMS repository 110 that match thequery input with resolution of any applicable user permissions occurringafterwards, and generally not within the search engine 205, there is ahigh likelihood of a user being shown suggested query completion hintsor suggested results that the user is not actually allowed to access.

This issue can be addressed using an approach with similarities to thatillustrated in FIG. 3 . As shown in FIG. 5 , a partial query input 510,such as for example can be received via a search term input userinterface element in a user interface presented to a user. The CMS 100or other front end application that manages the user interface caninclude criteria for determining a number of characters of entry arerequired to trigger a suggested results feature that results ingeneration of either or both of a suggested results set 520 or a set ofone or more query suggestions 530 for how the query input might becompleted.

For generating a permissions-filtered suggested results set 520, thesearch engine can perform a full lookup on the content index 218 as wellas the user permissions index 310 to determine a set of content itemsthat are to be returned based on whatever string of characters has beeninput by the user into the search term input user interface element. Insome examples, the permissions-filtered suggested results set 520 can begenerated whenever a pause in entry by the user of a search string isdetected. For example, a pause in typing of more than a half second (orany other relevant or threshold time period, which can be preset oruser-defined) can be detected and used as a signal to generate thepermissions-filtered suggested results set 520. Such a pause, or othercriteria, can be used to trigger generation of results based on thepartial query input. The pause or other criteria do not represent anexplicit indication from the user that query inputting is completed. Thegeneration of the permissions-filtered suggested results set can occurin much the same manner as is described above in reference to FIG. 3 .As multiple permissions-filtered suggested results sets 520 may begenerated on a entry of a single full query input (e.g. if the userpauses more than once), speed of generation of a givenpermissions-filtered suggested results set 520 as well as efficiency inuse of system resources can be maximized, in some examples, by use of apre-evaluation of the user permission index for those permissions groups(e.g. ACLs) for which the user identity 225 indicates allowedpermissions and then use of this evaluation as a filter on the contentindex 218 such that the partial query input 510 need not be searchedagainst the entirety of the content index 218.

Generation of a permissions-filtered suggested query input 530 canproceed in a similar manner except rather than presenting a listing ofsuggested content items, the search engine 205 can evaluate the outcomesof possible, contextually logical strings of characters that may followthe partial query input 510 that is already received. In other words,the partial query input can be processed to identify multiple next setsof characters that might logically follow the already-entered characterstring. This processing can include application of a natural languagemodel, a dictionary consistent with the language of the partial queryinput, or the like to identify likely character strings that might benext entered by the user. Each of these multiple possible next sets ofcharacters can be, in turn, combined with the already provided partialquery input 510 to generate a set of projected query inputs. Apermissions-filtered results sets can be generated for each suchprojected query input, and the projected query inputs can be presentedto the user as suggested, permissions-filtered suggested query inputs530 with a ranking applied based on one or more criteria applied to thepermissions-filtered results set generated for each projected queryinput. One example of a ranking consistent with implementations of thecurrent subject matter can involve giving higher ranking to thoseprojected query inputs returning a smallest non-zeropermissions-filtered results set. Alternatively, a ranking of thepermissions-filtered results set for the projected query inputs can bebased on recentness of access (e.g. by the user or by other users) ofthe content items in the generated permissions-filtered results sets.Any other criteria for ranking the permissions-filtered results setsresulting from the projected query inputs is also within the scope ofthe current subject matter.

Selection by the user of one of the projected query inputs can result inan immediate (or near immediate) return of the appropriate relatedpermissions-filtered results set 520 for that projected query input.

In some further implementations of the current subject matter, a CMS 100(or optionally a query management component of a CMS 100), a front endapplication, or the search engine 205 itself can evaluate one or morefeatures of a query input and/or some measure of current system resourceusage to how to execute the query with evaluation of user permissions ina most efficient manner. For example, if the features of a query input210 (e.g. an estimated number or, optionally, an actual number ofcontent items likely to be returned via execution of search using thequery input 210) indicate that a results set returned by execution ofthe query will be larger than a threshold size, the CMS 100 (oroptionally a query management component of the CMS) or the front endapplication or search engine 205 can determine that a most efficientexecution includes evaluation of user permissions by the search engine.In other words, user permissions can be added as additional terms orcriteria to be evaluated by the search engine 205 as discussed above inreference to FIG. 3 . While this decision may result in the query itselfrequiring more system resources to execute, post-query processing toremove content from the results set for which the user does not have anadequate level of access can be eliminated. In this manner, the overalluse of system resources may be reduced. Additionally, elimination of aneed for post-query processing can enable faster and/or more responsivebehavior of the query result user interface. For a query input 210 thatis estimated to return a results set that is smaller than the thresholdsize, user permission can be evaluated post-query, for example by theCMS 100 itself or by a front end application.

In one example of this faster and/or more responsive behavior,determination of dynamically generated faceting criteria can proceedimmediately upon return of a results set rather than being required towait for post-query processing.

FIG. 6 shows a process flow chart 600 illustrating features of a methodconsistent with implementations of the current subject matter. At 610,user permissions are evaluated in a search engine based on a useridentity of a user providing a query input for a search on contentmanaged by a content management system. The search engine constrains, at620, possible results returned from a search for the query input using acontent index of a plurality of content items maintained in a repositoryof the content management system based on the evaluating of the userpermissions. The constraining includes or involves limiting the searchengine from adding a content item of the plurality of content items to apermissions-filtered results set unless the evaluating of the userpermissions and the search for the query input do not exclude thecontent item. The permissions-filtered results set is returned at 630.

Another potential challenge in usability of and efficient consumption ofcomputing resources by a CMS 100 can involve updating of the contentindex 218 of the content items stored in one or more repositories 110managed by a CMS installation and/or the metadata associated with thosecontent items.

Indexing of the content items 115 and their associated metadata 117 in aCMS repository 110 can improve searches, provide alternative ways toorganize information stored or managed by the CMS 100, and the like. Asnoted above, a content index 218 can support the ability for users toquickly and efficiently access content items stored in the repository110 managed by the CMS 100. A content index 218 can also be used toprovide very fast partial query or search results, for example togenerate “as you type” results that populate upon entry by a user of oneor more characters in a search string. As used in this description, auser may refer to an person who enters one or more search terms as partof a query input 210 directly via a query input feature of a userinterface or via an application. Alternatively, the user can refer to anapplication that initiates a query on a CMS repository without directhuman input. In general, a user is some entity that requestsidentification and/or retrieval of content items meeting one or moresearch or query criteria.

Automated indexing and/or classification approaches are generallycapable of extracting data for indexing, categorizing, transferring,etc. autonomously. Automatic classification or categorizing can be basedon the information contained in or otherwise associated with contentitems in the CMS and can be used for evaluating information based onpredefined criteria, as part of a self-learning process, etc., as wellas via a combination of one or more approaches. In general, maintaininga useful (e.g. reasonably up to date, accurate, etc.) content index 218of the content of a CMS 100 that manages a large store of content itemscan impose a heavy computing load. For example, a typical approach toconstructing a content index 218 involves the use of a crawler programthat traverses a relational database structure of the CMS repository110, typically via a series of queries and/or lookup requests. For a CMS100 managing a very large pool of content items 115, updating of thecontent index 218 can require accessing a large number of databaserecords on a regular basis.

The content index 218 can include both information about the contentitems 115 themselves (e.g. terms found in a text file, etc.) andmetadata 117 reflecting other information about the content (e.g.relevant dates such as creation dates, edit dates, dates on which acontent item has been accessed; file size; file type; or the like). Theinformation about a content item 115 itself can, in some examples,include a cached, full text copy of the textual content of the contentitem 115 in the repository 110. This full text copy can also be referredto as a content cache, which can be maintained or otherwise madeaccessible at the search engine. The content cache can be quite usefulin supporting features such as term hit highlighting, which typicallyrely on having a rapidly accessible, high speed cache of content. Termhit highlighting includes providing excerpts with returned searchresults to show where the search terms of a query input 210 occur withina particular field of a matching content item in the results set. FIG. 7shows a diagram illustrating features of a CMS 100 and an associatedsearch engine 205 in which the search engine 205 includes a contentindex 218 and a content cache 710, either or both of which can beupdated periodically via a crawl of content items in the repository 110.

Refreshing of a content cache 710 and/or a content index 218 of a CMSrepository 110 can be a resource-intensive process because doing sogenerally requires crawling all content items in the CMS repository toconstruct the index and/or update the content cache. The content index218 and/or content cache 710 can include both metadata and contentinformation about content items in the repository 110.

Implementations of the current subject matter can include a moreefficient updating procedure for the content index 218 and/or contentcache 710. An example of such an approach can include updating ametadata index 720 first during an index update. There are a number ofchanges to metadata that can occur for a given content item that wouldexplicitly not require an update to the indexing of content of thecontent item (for example, a renaming of the content item, a moving ofthe content item to a different location within a file structurehierarchy of the CMS 100, a change to a disposal schedule for a recordin a records management application, designation of a content item as arecord—thereby indicating that no further change to content arepossible, or the like). Furthermore, a content item that does not haveany change to metadata can be identified as not having a content change.For example, if a content change occurs, the metadata would be updatedto reflect a new “saved” timestamp or the like. Absence of any metadatachange would therefore indicate that no change has occurred to thecontent.

Based on the indexed metadata for a repository, the content cache 710can be selectively updated on some desired interval (e.g. at regularintervals, when a certain number of accesses have occurred, when someother condition occurs or is met, etc.). In this context, selectiveupdating refers to replacing content in the content cache 710 and/orupdating the content index 218 as a whole for any content items thathave undergone a change (as indicated by the metadata index 710) withoutneeding to update the entirety of the content cache 710. In this manner,metadata indexing can occur more frequently than content indexing and/orcaching of content, thereby keeping the metadata index more currentwhile also allowing less frequent updating of the full content index 218and/or content cache 710.

Consistent with implementations of the current subject matter, a methodas described in FIG. 8 can be used for updating a search engine contentindex 218 for content items managed by a CMS 100. At 810, metadata forcontent items stored in a repository of the CMS are indexed. Theindexing results in a current metadata index of the content managementsystem. At 8200, the current metadata index is added to a content indexof the CMS. The content index indexes content managed by the CMS. Basedon the metadata index, a set of content items in the repository thathave undergone a change to content is identified at 830, and the contentindex for the set of content items is updated at 840 without initiatinga full re-indexing of the content of the content management system. At850 the current metadata index and the updated content index are mergedinto a full content index for the content management system. The mergingcan occur according to a regular schedule or in response to occurrenceof a triggering event or the like.

As noted above, the content index 218 can include a content cache 710,which can, in some implementations of the current subject matter, storea full-text copy of the textual content of all content items managed bythe CMS 100. As maintenance of such a content cache can beresource-intensive, it can be advantageous to use the above-notedapproach to causing updates of the content cache 710. In one example,the metadata index 720 can be updated on a more frequent schedule thanthe content index 218. Periodic merges of the metadata index and thecontent index 218 can be scheduled less frequently. However, the contentindex 218, and optionally the content cache, can be selectively updatedin response to detection of updates to the metadata index 720.

One potential use for a content cache 710 as described herein is inprovided term hit highlighting in response to a text-based search oncontent managed by the CMS. In general, a search that includes a queryinput can be performed using the content index 218, which includes botha metadata index and indexed content from the content items managed bythe CMS 100. A result list identifies matching content items that matchthe query input. In one option, metadata referencing the matchingcontent items is used in a lookup of the content cache. In anotherexample, metadata referencing the matching content items can be used formaking call directly to the matching content item in the repository 110of the CMS 110. In either example, a snippet of text from the contentitem is returned for display in a result set. The snippet includes oneor more terms of the query input shown in context as they appear in thecontent item. The terms in the snippet can be highlighted, for exampleby a different font or highlighting color; using italics, underlining,bold-facing; or the like.

In certain implementations of the current subject matter, thepermissions evaluations discussed earlier in this application can beapplied as part of the generation of the term hit highlighting. Forexample, a search engine 205 of the CMS 100 can evaluate userpermissions based on a user identity of a user providing the query inputand constrain the result set based on the evaluating of the userpermissions. The constraining can include limiting the search enginefrom adding a content item of the plurality of content items to theresult set unless the evaluating of the user permissions does notexclude the content item.

In the example in which a content cache 710 within the content index 218is used for providing the context text for the snippet, the contentcache may be out of date with the content item itself, for example ifthe content item has undergone a content change since it was lastindexed. However, the use of the content cache 710 can be useful inproviding a user with context of the query terms as they appeared in thecontent item according to the criteria by which the content item wasselected for inclusion in the result set. In other words, because thecontent cache 710 is generally updated concurrently with the contentindex 218, both of the content cache and content index itself may beinconsistent with a recently updated content item. However, if thatrecently updated content item is identified in a search, it can beuseful for the user to be able to understand why the content item wasidentified. Use of the content cache provide context of the query termsas they were at the time that the content index was updated.

One or more aspects or features of the subject matter described hereincan be realized in digital electronic circuitry, integrated circuitry,specially designed application specific integrated circuits (ASICs),field programmable gate arrays (FPGAs) computer hardware, firmware,software, and/or combinations thereof. These various aspects or featurescan include implementation in one or more computer programs that areexecutable and/or interpretable on a programmable system including atleast one programmable processor, which can be special or generalpurpose, coupled to receive data and instructions from, and to transmitdata and instructions to, a storage system, at least one input device,and at least one output device. The programmable system or computingsystem may include clients and servers. A client and server aregenerally remote from each other and typically interact through acommunication network. The relationship of client and server arises byvirtue of computer programs running on the respective computers andhaving a client-server relationship to each other.

These computer programs, which can also be referred to programs,software, software applications, applications, components, or code,include machine instructions for a programmable processor, and can beimplemented in a high-level procedural language, an object-orientedprogramming language, a functional programming language, a logicalprogramming language, and/or in assembly/machine language. As usedherein, the term “machine-readable medium” refers to any computerprogram product, apparatus and/or device, such as for example magneticdiscs, optical disks, memory, and Programmable Logic Devices (PLDs),used to provide machine instructions and/or data to a programmableprocessor, including a machine-readable medium that receives machineinstructions as a machine-readable signal. The term “machine-readablesignal” refers to any signal used to provide machine instructions and/ordata to a programmable processor. The machine-readable medium can storesuch machine instructions non-transitorily, such as for example as woulda non-transient solid-state memory or a magnetic hard drive or anyequivalent storage medium. The machine-readable medium can alternativelyor additionally store such machine instructions in a transient manner,such as for example as would a processor cache or other random accessmemory associated with one or more physical processor cores.

To provide for interaction with a user, one or more aspects or featuresof the subject matter described herein can be implemented on a computerhaving a display device, such as for example a cathode ray tube (CRT) ora liquid crystal display (LCD) or a light emitting diode (LED) monitorfor displaying information to the user and a keyboard and a pointingdevice, such as for example a mouse or a trackball, by which the usermay provide input to the computer. Other kinds of devices can be used toprovide for interaction with a user as well. For example, feedbackprovided to the user can be any form of sensory feedback, such as forexample visual feedback, auditory feedback, or tactile feedback; andinput from the user may be received in any form, including, but notlimited to, acoustic, speech, or tactile input. Other possible inputdevices include, but are not limited to, touch screens or othertouch-sensitive devices such as single or multi-point resistive orcapacitive trackpads, voice recognition hardware and software, opticalscanners, optical pointers, digital image capture devices and associatedinterpretation software, and the like.

In the descriptions above and in the claims, phrases such as “at leastone of” or “one or more of” may occur followed by a conjunctive list ofelements or features. The term “and/or” may also occur in a list of twoor more elements or features. Unless otherwise implicitly or explicitlycontradicted by the context in which it used, such a phrase is intendedto mean any of the listed elements or features individually or any ofthe recited elements or features in combination with any of the otherrecited elements or features. For example, the phrases “at least one ofA and B;” “one or more of A and B;” and “A and/or B” are each intendedto mean “A alone, B alone, or A and B together.” A similarinterpretation is also intended for lists including three or more items.For example, the phrases “at least one of A, B, and C;” “one or more ofA, B, and C;” and “A, B, and/or C” are each intended to mean “A alone, Balone, C alone, A and B together, A and C together, B and C together, orA and B and C together.” Use of the term “based on,” above and in theclaims is intended to mean, “based at least in part on,” such that anunrecited feature or element is also permissible.

The subject matter described herein can be embodied in systems,apparatus, methods, and/or articles depending on the desiredconfiguration. The implementations set forth in the foregoingdescription do not represent all implementations consistent with thesubject matter described herein. Instead, they are merely some examplesconsistent with aspects related to the described subject matter.Although a few variations have been described in detail above, othermodifications or additions are possible. In particular, further featuresand/or variations can be provided in addition to those set forth herein.For example, the implementations described above can be directed tovarious combinations and subcombinations of the disclosed featuresand/or combinations and subcombinations of several further featuresdisclosed above. In addition, the logic flows depicted in theaccompanying figures and/or described herein do not necessarily requirethe particular order shown, or sequential order, to achieve desirableresults. Other implementations may be within the scope of the followingclaims.

What is claimed is:
 1. A computer-implemented method comprising:evaluating, in a search engine associated with a content managementsystem, user permissions based on a user identity of a user providing aquery input for a search on content managed by the content managementsystem; constraining, by the search engine based on the evaluating ofthe user permissions, results returned from a search for the query inputusing a content index of a plurality of content items maintained in arepository of the content management system; preventing the searchengine from adding a content item of the plurality of content items to apermissions-filtered results set, in response to the search for thequery input returning the content item and further determining that theuser permissions exclude the content item as being accessible to a userassociated with the user identity; dynamically generating one or morefacets for grouping the permissions-filtered results set according toone or more faceting criteria; and returning, by the search engine, thepermissions-filtered results set.
 2. The method as in claim 1, whereinthe dynamically generating comprises use of the permissions-correctedsummary statistics to calculate faceting relevant to thepermissions-filtered results set.
 3. The method as in claim 1, whereinthe evaluating of the user permissions based on the user identity of theuser comprises a search on a user permissions index for permissionsgranted to the user based on the user identity.
 4. The method as inclaim 3, wherein the user permissions index comprises an access controllist index maintained by the search engine.
 5. The method as in claim 4,wherein the evaluating of the user permissions based on the useridentity of the user comprises searching the access control list index.6. The method as in claim 5, wherein the access control list indexrefers to one or more access control lists designating the useridentity.
 7. The method as in claim 6, wherein the one or more accesscontrol lists include data identifying the user associated with the useridentity as being allowed a sufficient level of access to one or morecontent items identified in the one or more access control lists.
 8. Themethod as in claim 1, wherein the query input comprises a partial queryinput comprising a string of characters entered by the user into asearch term input user interface element in a user interface presentedto the user.
 9. The method as in claim 1, wherein the returning thepermissions-filtered results set comprises presentation, in a userinterface, of suggested content items based on the partial query input.10. The method as in claim 1, further comprising using thepermissions-filtered results set to identify a projected query inputbased on the partial query input.
 11. A computer implemented systemcomprising one or more controllers configured to perform instructionscomprising: evaluating, in a search engine associated with a contentmanagement system, user permissions based on a user identity of a userproviding a query input for a search on content managed by the contentmanagement system; constraining, by the search engine based on theevaluating of the user permissions, possible results returned from asearch for the query input using a content index of a plurality ofcontent items maintained in a repository of the content managementsystem, the constraining comprising limiting the search engine fromadding a content item of the plurality of content items to apermissions-filtered results set unless the evaluating of the userpermissions does not exclude the content item and the search for thequery input returns the content item; returning, by the search engine,the permissions-filtered results set with permissions-corrected summarystatistics representative of the permissions-filtered results set, thereturning comprising dynamically generating facets for grouping thepermissions-filtered results set according to one or more facetingcriteria, the dynamically generating comprising use of thepermissions-corrected summary statistics to calculate faceting relevantto the permissions-filtered results set.
 12. The system as in claim 11,wherein the evaluating of the user permissions based on the useridentity of the user comprises a search on a user permissions index forpermissions granted to the user based on the user identity.
 13. Thesystem as in claim 11, wherein the user permissions index comprises anaccess control list index maintained by the search engine.
 14. Thesystem as in claim 11, wherein the evaluating of the user permissionsbased on the user identity of the user comprises searching an accesscontrol list index for access control lists designating the useridentity as being allowed a sufficient level of access to content itemsassigned to those access control lists.
 15. The system as in claim 11,wherein the query input comprises a partial query input comprising astring of characters entered by the user into a search term input userinterface element in a user interface presented to the user.
 16. Thesystem as in claim 15, wherein the returning the permissions-filteredresults set comprises presentation, in the user interface, of suggestedcontent items based on the partial query input, and wherein theoperations further comprise using the permissions-filtered results setto identify a projected query input based on the partial query input.17. A computer program product comprising a non-transitorymachine-readable medium storing instructions that, when executed by atleast one programmable processor, cause the at least one programmableprocessor to perform instructions comprising: evaluating a query inputreceived from a user to search content managed by a content managementsystem, the content being searchable using a content index configuredfor indexing the content and a metadata index configured for indexingmetadata associated with content items associated with the indexedcontent; determining user permissions by searching a user permissionsindex implemented as an access control list index for one or more accesscontrol lists; generating a permissions-filtered results set thatincludes at least a threshold number of content items that satisfy thequery input and excludes content items that fail to satisfy userpermissions identified in the access control list index; and returningthe permissions-filtered results set by dynamically generating facetsfor grouping the permissions-filtered results set according to one ormore faceting criteria.
 18. The computer program product as in claim 17,wherein the dynamically generating comprises use of thepermissions-corrected summary statistics to calculate faceting relevantto the permissions-filtered results set and the permissions-correctedsummary statistics identifies correct ranges of one or more parameterscharacteristic of the permission-filtered results set and correct countsof content items occurring within various ranges of the one or moreparameters.
 19. The computer program product as in claim 18, wherein acorrect distribution of content items having faceted criteria relativeto the summary statistics is returned, the faceted criteria beingdynamically determined based at least in part on content or metadataassociated with the content items that satisfy the query input, and theuser being provided with the option to select a dynamically determinedfaceted criteria, instead of a faceted criteria determined prior to thedynamic determination of the faceted criteria.
 20. The computer programproduct as in claim 18, wherein the user permissions are evaluated basedon a user identity by searching an access control list index for accesscontrol lists designating the user identity as being allowed asufficient level of access to content items assigned to those accesscontrol lists.